Tagged Questions

I'm researching vendors which allow SSL termination and inspection. I came across Cisco CWSA technology; the technology was somewhat easy to understand, but the stuff which really boggled my mind was the ...

It seems this great tool has been lost to internet backlog somewhere. I cannot locate it anywhere. The description of tools provided is
http://www.securityfocus.com/tools/category/112
If someone on ...

In the IPS reports I see multiple counts of the same exploit from the same source IP. I wonder why someone would continue to attempt exploiting a vulnerability when he must have realized in the first ...

I'm currently looking for a decent book on network and infrastructure security (especially in the enterprise context). Could you point me to one or two recent books, please? Thanks a lot in advance!
...

I am a relatively new Snort user with years of sys admin experience. I feel that I must be missing something, because I find Snort rules to be completely undocumented and incomprehensible. Because of ...

For my new job I have to prepare information about how Security Data Analysis is actually used in practice.
So my question is if someone can provide me with measurements/metrics/queries (don't really ...

I'm intending to submit a personal project for a "call for papers" for an upcoming Con. I have a really interesting topic that I wanted to submit for the talk. I was hoping to gain some feedback on ...

I am designing an anomaly-based intrusion detection system in Java. It basically consists of a sniffer that identifies HTTP header fields and then analyzes them according to a previously configured XML ...

Can you detect a keylogger when it is placed? Would it be possible to do that via a keyboard removed event, expecting the keyboard is not removed regularly?
So that you for example get a pop-up/alert ...

So I am trying to figure out what the packet payload is off of a possible TLS HeartBleed alert from my IDS. I have read that Wireshark is able to do it with some certain keys, but isn't that in real ...

There are lots of posts regarding the shellshock vulnerability. I can understand the vulnerability in detail.
However, I'm curious about why any Intrusion detection system or host-based tools (e.g., ...

Is Snort a good choice for monitoring network and web application traffic on Amazon EC2? If not, why, and what IDS would you suggest? Is Snort a good choice to monitor for XSS, SQL injection, attempt ...

I'm an apprentice in web security and I was assigned with the task of researching about OSSIM. Bear with my infinite ignorance as I take my questions to the stack exchange gurus.
What I know so far:
...

We are building an environment where mostly open source and trial versions would be used first before we purchase any product. I need your recommendation on the tools required to build a network that ...

I have configured 3 VMs: an OSSEC server and two agents on CentOS 6 and Windows 2k8 R2. I have completed the setup, and FIM and Log Management work smoothly. It also reports the new files. However, it ...

As far as I read, Emerging Threats and VRT Snort rules are available freely, and also Pro (fee based). Is there any comparison, or anything to suggest choosing one over another? What are the benefits ...

Does anyone know which open-source network IDSs are using anomaly techniques? My project is to compare them, so if you could give me some hints, that would be much appreciated.
Currently, I am looking at ...

I'm trying to determine if Sagan can do anything similar to fail2ban where detected attacks can be temporarily blacklisted, via a system's firewall (iptables). Does Sagan have any "countermeasures" or ...